A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
PUBLISHED5.2Operating systemCWE-120CWE-119
Totolink N300RH Parameter cstecgi.cgi loginauth buffer overflow
Problem type
Affected products
Totolink
N300RH
3.2.4-B20220812 - AFFECTED
References
VDB-360922 | Totolink N300RH Parameter cstecgi.cgi loginauth buffer overflow
https://vuldb.com/vuln/360922
VDB-360922 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/360922/cti
Submit #807201 | Totolink N300RH N300RH V3_Firmware V3.2.4-B20220812 Buffer Overflow
https://vuldb.com/submit/807201
lavender-bicycle-a5a.notion.site
https://lavender-bicycle-a5a.notion.site/TOTOLINK-N300RH-loginauth_password-34553a41781f80c0ad36f4d95122fd40?pvs=73
totolink.net
https://www.totolink.net/
GitHub Security Advisories
GHSA-jgvf-pm9w-mfrm
A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this...
https://github.com/advisories/GHSA-jgvf-pm9w-mfrmA security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2026-7747
lavender-bicycle-a5a.notion.site
https://lavender-bicycle-a5a.notion.site/TOTOLINK-N300RH-loginauth_password-34553a41781f80c0ad36f4d95122fd40?pvs=73
vuldb.com
https://vuldb.com/submit/807201
vuldb.com
https://vuldb.com/vuln/360922
vuldb.com
https://vuldb.com/vuln/360922/cti
totolink.net
https://www.totolink.net
github.com
https://github.com/advisories/GHSA-jgvf-pm9w-mfrm
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-7747Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-7747",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-05-04T08:15:14.596Z",
"dateReserved": "2026-05-03T17:20:44.653Z",
"datePublished": "2026-05-04T08:15:14.596Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-05-04T08:15:14.596Z"
},
"title": "Totolink N300RH Parameter cstecgi.cgi loginauth buffer overflow",
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks."
}
],
"affected": [
{
"vendor": "Totolink",
"product": "N300RH",
"cpes": [
"cpe:2.3:o:totolink:n300rh_firmware:*:*:*:*:*:*:*:*"
],
"modules": [
"Parameter Handler"
],
"versions": [
{
"version": "3.2.4-B20220812",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Buffer Overflow",
"cweId": "CWE-120",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Memory Corruption",
"cweId": "CWE-119",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/vuln/360922",
"name": "VDB-360922 | Totolink N300RH Parameter cstecgi.cgi loginauth buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/vuln/360922/cti",
"name": "VDB-360922 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/submit/807201",
"name": "Submit #807201 | Totolink N300RH N300RH V3_Firmware V3.2.4-B20220812 Buffer Overflow",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://lavender-bicycle-a5a.notion.site/TOTOLINK-N300RH-loginauth_password-34553a41781f80c0ad36f4d95122fd40?pvs=73",
"tags": [
"exploit"
]
},
{
"url": "https://www.totolink.net/",
"tags": [
"product"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"baseScore": 10
}
}
],
"timeline": [
{
"time": "2026-05-03T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-05-03T02:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-05-03T19:25:59.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "wxhwxhwxh_mie (VulDB User)",
"type": "reporter"
}
]
}
}
}